OneTrust Certified Privacy Professional Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the OneTrust Certified Privacy Professional Exam with detailed questions and explanations. Utilize flashcards and comprehensive MCQs to ensure you're ready to excel in your certification journey.

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


What is the maximum time limit for responding to data subject access requests under GDPR?

  1. Two weeks

  2. One month

  3. Three months

  4. Six months

The correct answer is: One month

Under the General Data Protection Regulation (GDPR), the maximum time limit for responding to data subject access requests is one month. This timeframe is established to ensure that individuals can receive timely access to their personal data held by organizations. The GDPR recognizes the importance of allowing data subjects to exercise their rights efficiently. Therefore, when a request is received, the organization is required to respond without undue delay and, in any case, within one month of receiving the request. This period can be extended by a further two months where the request is complex or where there are numerous requests, but the initial timeframe remains one month. This one-month period helps to balance the rights of individuals seeking information about their data with the practical considerations organizations face in handling such requests. It ensures accountability and fosters transparency in data processing activities, which are core principles of the GDPR.